Privacy Policy
Last Updated: 27 October 2025
This Privacy Policy (“Policy”) explains how TOYA LTD (“Toya”, “TOYA”, “we”, “our”, or “us”) collects, uses, stores, and shares personal data when you interact with our websites, products, and services. We are committed to protecting your privacy and ensuring compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and, where relevant, the California Consumer Privacy Act (CCPA).
Company Details
TOYA LTD
Reg. Number: 16800469
Registered Office: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
1. Definitions
- “Personal Data”: Any information relating to an identified or identifiable natural person.
- “Processing”: Any operation performed on Personal Data (collection, storage, use, etc.).
- “User”: Any visitor or user of our websites or services.
- “Client/Consultant”: Any individual or entity interacting with Kemaya under a contractual or service relationship.
2. What Data We Collect
We collect the following categories of Personal Data:
- Information you provide: name, email address, phone number, billing information, CV/resume, company data, etc.
- Automatically collected data: IP address, browser type, device information, operating system, location data, and usage patterns.
- Third-party data: information obtained from social media, business directories, partners, or public sources.
- Sensitive data: Only collected when necessary and with your explicit consent.
3. How We Collect Data
We collect data in the following ways:
- When you visit or use our websites, forms, or platforms
- When you communicate with us via email, chat, or phone
- When you apply for a job or send us a resume
- Through cookies and similar technologies
- From third-party services (e.g., Google Analytics, social platforms)
4. Legal Basis for Processing
We process your Personal Data on the following legal grounds:
- Your consent (e.g., for marketing or non-essential cookies)
- Performance of a contract with you
- Compliance with legal obligations
- Legitimate interest, such as platform improvement, security, or customer relationship management
5. How We Use Your Data
Your Personal Data may be used to:
- Provide and improve our services
- Manage user accounts and customer relationships
- Communicate with you
- Fulfill legal and tax obligations
- Prevent fraud and ensure security
- Analyze trends and performance (analytics)
- Conduct marketing, recruitment, and support operations
6. Data Retention
We retain your data only as long as necessary for the purposes described above:
- Typically for the duration of your relationship with us, plus 5 years
- Longer if required for legal, tax, or regulatory compliance
- Data can be deleted upon request, subject to legal exceptions
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- TLS encryption
- Access control and monitoring
- Pseudonymization and anonymization
- Secure data storage and backups
- Regular security audits
8. Sharing Your Data
We may share your Personal Data with:
- Authorized employees and contractors
- Third-party service providers (e.g., hosting, analytics, payment processors)
- Legal authorities or regulators, when required
- Other parties with your consent or as part of a business transfer
All third parties are bound by confidentiality and data protection agreements.
9. International Data Transfers
If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries deemed to have adequate protection by the EU
10. Cookies
We use cookies to personalize and improve your experience. You can manage your preferences via the cookie banner or browser settings.
- Essential cookies – Required for core functionality
- Analytical cookies – Help us understand usage (e.g., via Google Analytics)
- Functional cookies – Remember your settings/preferences
- Marketing cookies – Support ad targeting and retargeting
For more details, refer to our [Cookie Policy].
11. Your Rights
Under the GDPR and applicable laws, you have the right to:
- Access your Personal Data
- Correct or update inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict or object to processing
- Withdraw consent at any time
- Request data portability
- Lodge a complaint with a supervisory authority (e.g., Estonian Data Protection Inspectorate)
To exercise your rights, contact: legal@toya.finance
12. Recruitment and Job Applications
Personal data submitted during recruitment will be used solely for hiring decisions and may be stored for future opportunities with your consent.
13. External Links
Our websites or platforms may include links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies separately.
14. Policy Updates
We may revise this Privacy Policy from time to time. Any significant changes will be communicated via our platform or email. Continued use of our services implies acceptance of the updated Policy.
15. Contact Us
For any questions or concerns regarding this Privacy Policy or your data, please contact our Data Protection Officer:
Email: legal@toya.finance
Mailing Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ